[<prev] [next>] [day] [month] [year] [list]
Message-ID: <41011d980511121005x65186d0bh465ded9a9df4bcc9@mail.gmail.com>
Date: Sat, 12 Nov 2005 23:35:02 +0530
From: crazy frog crazy frog <i.m.crazy.frog@...il.com>
To: bugtraq@...urityfocus.com
Subject: Midicart sql injection
Midicart sql injection
==================
product description(from site):-
==================
MidiCart is a Try-Before-You-Buy Shopping Cart Software, that provides
all you need to create, operate, and maintain a professional Internet
shop. MidiCart ASP and PHP Shopping Cart is extremely easy to use,
flexible, powerful and affordable e-commerce solution for your web
site.
details:-
=======
there exists a vulnerability query string in search_list.asp
file,which is vulerable to sql injection attack.an attacker can run
any arbitary query.
How to determine:-
=================
enter following query in to search box:-
1' union select * from products'
this will list all the products.it mean the installation is vulnerable.
workaround:-
===========
santinize the input supplied.it is stored in a variable named "searchstring".
--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
another wannabe, in hackerland!!!"
--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
another wannabe, in hackerland!!!"
Powered by blists - more mailing lists